Haklistgen turns any junk text into a usable wordlist for brute-forcing.
Installation
go install github.com/hakluke/haklistgen@latest
Usage Examples
Scrape all words out of an HTTP response to build a directory bruteforce wordlist:
curl https://wikipedia.org | haklistgen
Pipe a list of subdomains to it to generate a wordlist for bruteforcing more subdomains:
subfinder -silent -d example.com | haklistgen
Piping in a custom JavaScript file could yield some interesting results:
curl https://example.com/app.js | haklistgen
You could create a great custom wordlist for a large-scope target doing something like this:
subfinder -silent -d hakluke.com | anew subdomains.txt | httpx -silent | anew urls.txt | hakrawler | anew endpoints.txt | while read url; do curl $url –insecure | haklistgen | anew wordlist.txt; done
cat subdomains.txt urls.txt endpoints.txt | haklistgen | anew wordlist.txt;
This would save subdomains to subdomains.txt
, then save httpx output to urls.txt
, then crawl each url and save the hakrawler output to endpoints.txt
, then fetch every URL in endpoints.txt
and make a wordlist out of it, concatenating all of the wordlists to wordlist.txt
. Then it takes all of the subdomains and urls, and adds words out of the words in those too.
Burrow is an open source tool for burrowing through firewalls, built by teenagers at Hack Club.…
Simple golang webserver that listens for basic auth or post requests and sends a notification…
Nutek Security Platform for macOS and Linux operating systems. Tools for hackers, bug hunters and…
Welcome to SecureSphere Labs, your go-to destination for a curated collection of powerful hacking tools…
All in one Docker-based workstation with hacking tools for Pentesting and offsec Labs by maintained…
Got it! Below is the updated README.md file with instructions for downloading the project on…